Cloud Security: 5 Things You Must Know About Cyber Security in the Cloud

At first glance, cloud computing and cyber security might like polar opposites. The first requires storing your data off-site and the second requires building virtual walls around it, protecting your data at all costs. Cloud computing means outsourcing, trusting a vendor to keep your data and transactions safe. Cyber security means keeping it all close, trusting on-site staff, procedures and protocols to do the job. Should these two approaches clash?

Quite the opposite: As more and more businesses move their computing and data to the cloud, we are seeing a kind of symbiotic relationship develop between the two seemingly distinct practices—out of necessity. Introducing cloud security, the business of ensuring cyber security when relying on cloud computing.

It wasn’t easy to get to this place. An inherent distrust made it hard for some IT managers to believe that letting data be stored and protected on anything other than a tangible mainframe computer that they could see and touch was a good idea. It’s even harder to swallow when it’s a public cloud solution vs. a private cloud. But—as they say—necessity is the mother of convention, and only those organizations that migrate to the cloud and reap the cost savings of doing so will survive. That makes cloud computing a necessary business strategy, and that, in turn, makes cloud security necessary as well.

Cloud Security Is the New Cyber Security

With every passing year, the number of businesses migrating to the cloud increases--and the number of cyberattacks increases, as if keeping pace. By 2018, 96 percent of organizations were using cloud computing in some way, according to CIO.com. At the same time, cyberattacks were on the rise, with almost twice as many ransomware attacks in 2017 (160,000) as compared to the previous year (82,000). And those are only the reported attacks, nor do those numbers include data breaches or denial-of-service attacks. Obviously, as cloud computing becomes the norm, cloud security must as well.

If you’re still trying to wrap your head around the idea of cloud security, and you’re not sure where your job as a cyber security professional ends and the vendor’s job begins, we’ve pulled together five things you should know about cyber security in the cloud to help you figure it out.

1. The organization is ultimately responsible for the security of the data and transactions. Cloud vendors know they must do their cyber-security part, but in the end, if a customer’s data is compromised, it is the organization that will have to answer to that customer or pay the fine. Similarly, if an organization falls victim to a ransomware attack, it is the organization that must pay the hacker. This means that just because you’re using cloud computing, you can’t let your guard down. According to one source, two common causes of data breaches in the cloud are misconfigured access restrictions on storage resources and forgotten or improperly secured systems, both of which are the responsibility of the organization, not the cloud vendor. You must still make cyber security one of your highest priorities, ensuring you have trained staff and that your staff stays current on the latest threats and predictions.

2. Cloud vendors are working to increase security and make it easier for businesses. Cloud vendors have already invested enormous resources in their own products’ security. When the major players include Amazon (Amazon Web Services), Microsoft (Azure), and Google (Google Cloud Platform), you can be sure security has been one of the highest priorities and some of the most talented minds have been tasked with it—for self-serving reasons if for no other. And now they have turned their attention to helping their customers improve security as well. For example, as summarized in an article at Forbes.com, Google offers a Cloud Security Command Center that acts like a scanner to look for vulnerabilities, and both Amazon and Microsoft have built applications and infrastructures to help. If you’re in doubt about how well you’re securing access and data on your end, turn to your vendor for help.

3. Cloud computing could improve security. Sometimes cloud computing offers a security solution. Small to medium size businesses are particularly vulnerable to cyberattacks such as ransomware because they don’t have or haven’t spent the resources to improve their cyber security. Moving to the cloud could improve their overall security, because the cloud vendors—as described above—have some of the toughest security in the IT space. In fact, some argue that moving data to the cloud is more secure than keeping it on-site, although that can be hard for some IT managers to accept, given their natural inclination to keep data where they have the most perceived control over it.

4. Cloud security is an even bigger issue with GDPR. In May of 2018, the General Data Protection Regulation (GDPR) became enforceable. Although it applies to residents of the European Union (EU) and European Economic Area (EEA), it has far-reaching effects for organizations all over the world because the citizens of these areas often do business with entities outside of these areas. Post GDPR, those entities and organizations must make sure their data practices comply. Although the best way to ensure compliance is through legal counsel, in general, this means both the cloud vendor and the cloud customer must be in compliance with data protection practices. For businesses that use a multi-cloud solution, with more than one vendor, each solution must also comply. This could get a little tricky, so it’s something to strive to stay on top of.

5. Cloud security is already affected by the Internet of Things (IoT). Despite all of the progress made in securing cloud solutions, data centers and network infrastructures, however, we are on the verge of undoing a lot of that progress due to the Internet of Things (IoT). With the explosion of IoT devices comes an explosion of security vulnerabilities, because these devices often don’t have the level of security they should (yet). As a result, they offer a “way in” to your data and even cloud solutions, undermining other cyber-security efforts. One expert predicts it will be so bad that the next couple of years will look like a game of Whack-a-Mole as businesses deal with these one-off security breaches.

Cloud computing is the future, there is no doubt about that, and cyber security will continue to be critical—there’s no doubt about that either. Taken together, you can see how cloud security is the next evolution in IT as the volume of data increases along with the risks, and regulations like GDPR make security enforceable while emerging IoT technologies undo it. It’s like a foggy forest with no clear path through it, at this point. So stay on top of your cloud security by staying informed, ensuring you or your staff are educated, and continuing to have a healthy level of distrust, or, as a military friend likes to say, “Trust but verify".

About the Author

Shivam Arora is a Senior Product Manager at Simplilearn. Passionate about driving product growth, Shivam has managed key AI and IOT based products across different business functions. He has 6+ years of product experience with a Masters in Marketing and Business Analytics.